Executive Summary

CVE-2026-41565 is a stack buffer overflow vulnerability in CryptX versions before 0.088_001 for Perl. It affects four AEAD decrypt_verify helper functions: gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify. These functions copy an authentication tag provided by the caller into a fixed 144-byte stack buffer without checking the length of the tag. If an attacker supplies a tag longer than this buffer, it causes a stack overflow by overwriting memory beyond the buffer.

The vulnerability was fixed in version 0.088_001 by adding checks that clamp the tag length to the buffer size, preventing overflow. The issue arises because the affected functions do not validate the length of the authentication tag before copying it, allowing an attacker to trigger the overflow by providing an oversized tag.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-41565 on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to memory corruption due to a stack buffer overflow when processing attacker-controlled authentication tags. Such memory corruption can cause crashes or potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the application using CryptX.

Because the overflow occurs on the stack, it may be exploited to compromise the security of the system running the vulnerable CryptX version, leading to denial of service or escalation of privileges depending on the context in which the library is used.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves a stack buffer overflow in specific AEAD decrypt_verify helpers of CryptX versions before 0.088_001. Detection would involve identifying usage of vulnerable CryptX versions and monitoring for abnormal crashes or memory corruption during decryption operations using the affected helpers.

Since the issue is triggered by attacker-controlled authentication tags longer than the fixed buffer size (144 bytes), one detection approach is to monitor or log calls to the affected decrypt_verify functions and check for unusually long authentication tags.

Specific commands are not provided in the resources, but general detection steps could include:

• Check the installed CryptX version to confirm if it is before 0.088_001.
• Use Perl scripts or system monitoring tools to log or trace calls to the AEAD decrypt_verify functions (gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, eax_decrypt_verify).
• Inspect logs or traces for authentication tags exceeding 144 bytes.
• Monitor for crashes or memory errors related to CryptX during decryption operations.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade CryptX to version 0.088_001 or later, where the vulnerability has been fixed by clamping the authentication tag length to the buffer size and improving input validation and memory safety.

Until an upgrade can be applied, avoid processing authentication tags longer than 144 bytes in the affected decrypt_verify functions to prevent triggering the overflow.

Review and apply patches from the official CryptX repository that address this issue, such as those improving tag length clamping and error handling.

Additionally, consider implementing input validation in your application code to reject or sanitize oversized authentication tags before passing them to CryptX functions.

Useful 0 Not Useful 0